A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup

Authors

  • Chae Hoon Lim
  • Pil Joong Lee
Abstract

Consider the well-known oracle attack: somehow one gets a certain computation result as a function of a secret key from the secret key owner and tries to extract some information on the secret key. This attacking scenario is well understood in the cryptographic community. However, there are many protocols based on the discrete logarithm problem that turn out to leak many of the secret key bits from this oracle attack, unless suitable checkings are carried out. In this paper we present a key recovery attack on various discrete log-based schemes working in a prime order subgroup. Our attack may reveal part of, or the whole secret key in most Diffie-Hellman-type key exchange protocols and some applications of ElGamal encryption and signature schemes.

Similar resources

A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup

Consider the well-known oracle attack: Somehow one gets a certain computation result as a function of a secret key from the secret key owner and tries to extract some information on the secret key. This attacking scenario is well understood in the cryptographic community. However, there are many protocols based on the discrete logarithm problem that turn out to leak many of the secret key bits ...

A New Method for Computing DLP Based on Extending Smooth Numbers to Finite Field for Ephemeral Key Recovery

In this paper, new algorithms to solve certain special instances of the Discrete Logarithm Problem (DLP) are presented. These instances are generally considered hard in literature. If a cryptosystem is based on a prime p such that p − 1 is either 2q with q a prime; or 2ρ where ρ = γ1γ2 . . . γkq with γs being small prime factors and q a large prime factor, and the exponent is chosen in the middl...

A Small Subgroup Attack for Recovering Ephemeral Keys in Chang and Chang Password Key Exchange Protocol

Three-party authenticated key exchange protocol is an important cryptographic technique in the secure communication areas. Recently Chang and Chang proposed a novel three party simple key exchange protocol and claimed the protocol is secure, efficient and practical. Despite their claim, a key recovery attack is proposed on the above protocol by recovering the ephemeral keys. One way of recoverin...

Efficient Primes for Discrete Log

This paper presents a method for generating prime moduli with a special form which can simplify the modular reduction process and reduce the storage requirement. Such moduli will be particularly useful for implementing discrete log cryptosystems under the environment with limited computing and storage resources.

Cryptanalysis in Prime Order Subgroups of Z

Many cryptographic protocols and cryptosystems have been proposed to make use of prime order subgroups of Z n where n is the product of two large distinct primes. In this paper we analyze a number of such schemes. While these schemes were proposed to utilize the difficulty of factoring large integers or that of finding related hidden information (e.g., the order of the group Z n), our analyzes reve...


Publication date: 1997